Skype Trojan targets Syrian citizen journalists, activists

The Russian manufacturer promises
results. The software can be used to control your own or, say, a customer's
computer by making it a remote software client. Or it could be used for spying
on others.

"BlackShades Remote Controller
also provides an efficient way of turning your machine into a surveillance/spy-device or
to spy on a specific system," reads one line of the online product description.
The software sells online for $40 (an additional $12.60 brings premium support)
through the Canadian E-Commerce reseller paypro, and it can surreptitiously record keystrokes and screen
views while giving the intruder clandestine remote access to the target
computer.

The terms of service
include several disclaimers. Purchasers must be "of legal age to use our
services and are not a person barred from receiving services under the laws of
Russia or other applicable jurisdiction." Purchasers must further agree to not
use BlackShades to "harm people in any way," or "upload, post or otherwise make
available any Content that you do not have a right to make available," or
"provide material support or resources...to any organization(s) designated by the
Russian government as a foreign terrorist organization."

The spyware has been embedded into
what looks like just one of many .pif video files being circulated by Syrian
activists on Skype to help document attacks and human rights abuses by Syrian
government and pro-government forces, according to a report posted
yesterday by the University of Toronto's Citizen
Lab. North American-based forensic experts dissected the Trojan spyware
embedded in the video file circulating on Skype, which ends with the extension "new_new.pif."

The digital workings of the latest
Skype Trojan are similar to those of a prior YouTube video Trojan that also
targeted Syrian activists, according to a report
yesterday by the San Francisco-based nonprofit
Electronic Frontier Foundation. The EFF report includes screen shots to help
Syrian activists and other users identify the specific harmful files.

Yet merely deleting the files or
using anti-virus software "does not
guarantee that your computer will be safe or secure," added EFF. The remote
control access that BlackShades provides could allow intruders to install other
spyware on one's computer. What's the safest bet? EFF suggests re-installing the
computer's Operating System and changing all passwords to any accounts that one
has logged into since the infection.